Author:   Lars Michelsen <[email protected]>
Date:     Fri Nov 25 16:09:09 2011 +0100
Committer:   Lars Michelsen <[email protected]>
Commit-Date: Fri Nov 25 16:09:09 2011 +0100

Fixed multisite auth logout

---

 share/server/core/classes/CoreAuthHandler.php    |   15 ++++++++++-----
 share/server/core/classes/CoreSessionHandler.php |    4 ++++
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/share/server/core/classes/CoreAuthHandler.php 
b/share/server/core/classes/CoreAuthHandler.php
index e5b39cd..156d5c6 100644
--- a/share/server/core/classes/CoreAuthHandler.php
+++ b/share/server/core/classes/CoreAuthHandler.php
@@ -157,18 +157,21 @@ class CoreAuthHandler {
         // out if the auth_* cookie does not exist anymore. The cookie name 
has been
         // stored in the session var multisiteLogonCookie
         // This is a bad hacky place for this but I see no other good solution 
atm
-        if($bAlreadyAuthed && 
$this->SESS->isSetAndNotEmpty('multisiteLogonCookie')
-           && !isset($_COOKIE[$this->SESS->get('multisiteLogonCookie')])) {
-            $this->logout(true);
-            return false;
+        if($bAlreadyAuthed && 
$this->SESS->isSetAndNotEmpty('multisiteLogonCookie')) {
+            $cookieName = $this->SESS->get('multisiteLogonCookie');
+            if(!$cookieName || !isset($_COOKIE[$cookieName])) {
+                $this->logout(true);
+                return false;
+            }
         }
 
         // When the user authenticated in trust mode read it here and override
         // the value handed over with the function call.
-        // The isAuthentication() function will then only check if the user 
exists.
+        // The isAuthenticated() function will then only check if the user 
exists.
         if($this->authedTrusted())
             $bTrustUsername = AUTH_TRUST_USERNAME;
 
+
         // Ask the module
         $isAuthenticated = $this->MOD->isAuthenticated($bTrustUsername);
 
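Review bot: The new inner check `!isset($_COOKIE[$cookieName])` only tests that the browser still sends a cookie with the stored name, not that its value is still valid. `$_COOKIE` is client-supplied, so as long as a request carries that cookie name the session stays authenticated here, even if the multisite login it stands for has ended. Whether the value is verified elsewhere is not visible in this hunk. If the multisite logon module can validate the cookie, calling that validation here instead of `isset()` would make the logout propagation reliable. Otherwise a comment such as `// presence check only: the cookie value is not verified here` would document the limit. The enclosing function starts and ends outside the hunk.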
@@ -233,6 +236,8 @@ class CoreAuthHandler {
         $this->SESS->set('authCredentials',      false);
         $this->SESS->set('userPermissions',      false);
         $this->SESS->set('logonModule',          false);
+        $this->SESS->del('multisiteLogonCookie');
+        $this->SESS->del('authTrusted');
 
         return true;
     }
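Review bot: The session identifier is not rotated in the visible tail of this function: the cleanup only resets or deletes individual keys, so the same session id appears to stay valid after logout. If nothing earlier in the function already does it, `session_regenerate_id(true);` before `return true;` would retire the old id. Separately, the three keys above are set to `false` while the two new ones are removed with `del()`. Using `del()` for all of them, or a comment explaining why the first three must remain present, would keep the cleanup consistent. The function starts outside the hunk.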
diff --git a/share/server/core/classes/CoreSessionHandler.php 
b/share/server/core/classes/CoreSessionHandler.php
index 1e57a54..1af11a4 100644
--- a/share/server/core/classes/CoreSessionHandler.php
+++ b/share/server/core/classes/CoreSessionHandler.php
@@ -110,6 +110,10 @@ class CoreSessionHandler {
 
         return $sOld;
     }
+
+    public function del($key) {
+        unset($_SESSION[$key]);
+    }
 }
 
 ?>
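Review bot: `del()` is added without a docblock, although the logout path in CoreAuthHandler now depends on it. Suggest `/** Removes $key from the session; does nothing if the key is not set. */` above the signature. The method writes to `$_SESSION` directly, so it presumably expects the session to be started already, which is worth stating in the comment if that holds.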

